docker.io/prom/prometheus:v3.11.3 linux/amd64

docker.io/prom/prometheus:v3.11.3 - Trivy安全扫描结果扫描时间: 2026-05-13 11:58

全部漏洞信息

低危漏洞:0

中危漏洞:9

高危漏洞:14

严重漏洞:0

系统OS: 扫描引擎: Trivy 扫描时间: 2026-05-13 11:58

bin/prometheus (gobinary)

低危漏洞:0

中危漏洞:5

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/buger/jsonparser	CVE-2026-32285	高危	v1.1.1	1.1.2	github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32285 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-03-26 20:16 修改: 2026-04-21 15:42
github.com/docker/docker	CVE-2026-34040	高危	v28.5.2+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.42.0	1.43.0	opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
stdlib	CVE-2026-33811	高危	v1.26.2	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.2	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.26.2	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.26.2	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.26.2	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
github.com/docker/docker	CVE-2026-33997	中危	v28.5.2+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.42.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
stdlib	CVE-2026-39823	中危	v1.26.2	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.26.2	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.26.2	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16

bin/promtool (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:6

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/docker/docker	CVE-2026-34040	高危	v28.5.2+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
stdlib	CVE-2026-33811	高危	v1.26.2	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.2	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.26.2	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.26.2	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.26.2	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
github.com/docker/docker	CVE-2026-33997	中危	v28.5.2+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
stdlib	CVE-2026-39823	中危	v1.26.2	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.26.2	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.26.2	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16